CVE-2023-48786 — Server-Side Request Forgery in Fortinet Forticlientems
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 73.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 10
Description
A server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4
Affected Packages2 packages
🔴Vulnerability Details
2📋Vendor Advisories
1Fortinet▶
A server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before...↗2025-06-10